Security Management Strategies for the CIOAccess "Vulnerability scanners: Not the best tools for network perimeter defense"
This article is part of the March 2003 issue of Dollars and sense: Getting the security budget you need -- and spending it wisely
To test the value of our five vulnerability analyzers as practical tools for systems managers, we turned them to the very real-world task of tuning our Sourcefire network IDS. We looked at three ways in which we wanted to use VA results to make our IDS more useful. We got mixed results, reflecting the weaknesses the VA tools demonstrated throughout our testing. Nonstandard ports. Sourcefire can look for Web server attacks on any TCP port, but is initially configured with the most common ones--80, 8000 and 8080. Knowing where we have Web servers running would give us a chance to act on alerts before a vulnerable server caused serious problems. It wasn't very easy collecting a list of ports on which our Web servers were running, since our VA tools sort reports either by vulnerability or by host. Only Retina and Nessus found servers on nonstandard ports, so we ran a simple Perl script against their reports written to summarize the Web server results. If we were in a production environment, we would have dumped the events into a database. In the real world, we ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Roundtable: Advice on IT security budget management
by Andrew Briney
Four CISOs discuss practical strategies for getting the security budget you need, and spending it wisely.
-
Vulnerability scanners: Not the best tools for network perimeter defense
by Joel Snyder, contributor
Sidebar: Vulnerability scanners prove mediocre tools for helping IDSes protect the network perimeter.
-
IT security auditing: Best practices for conducting audits
by Carole Fennelly, Contributor
Even if you hate security audits, it's in your best interest to make sure they're done right.
-
Security spending on a tight information security budget
by Andrew Briney
Infosecurity budgets are increasing at a far slower rate than many people assume.
-
Roundtable: Advice on IT security budget management
by Andrew Briney
-
-
Testing and comparing vulnerability analysis tools
by Joel Snyder, Contributor
We tested five VA scanners to see how well they illuminate holes in your systems.
-
Beefing up security with BIG-IP load balancer
by Scott Sidel, Contributor
F5 Networks beefs up its BIG-IP load balancer to take on a greater security role.
-
Security audit tools: Vendors every auditor should use
by Caroline Fennelly, Contributor
Sidebar: An auditor should be familiar with a variety of tools and utilities, not just a single packaged scanner. They include utilities and power tools, both open source and commercial.
-
Testing and comparing vulnerability analysis tools
by Joel Snyder, Contributor
-
Columns
-
IT security spending: How to spend less
by Andrew Briney
To get the budget you need, think like a CFO: How do we make more, or how do we spend less?
-
IT security and ethical hacking: Does it do more harm than good?
by William H. Murray, Contributor
SQL Slammer was a new worm, but it's an old problem.
-
Your're caught: Examining punsihment for cybercrime
by Lawrence Walsh
The Trippin Smurfs hacker gang chose the wrong day to deface NASA.
-
The growth of information security acronyms
by Jay Heiser, Contributor
As more security certifications become available, there's an even greater opportunity for acronym abuse.
-
Six steps for security patch management best practices
by Fred Avolio, Contributor
Six steps to help decide when you must patch...and when it's OK to wait.
-
Protect Active Directory traffic with a VPN
by Russ Cooper, Contributor
Active Directory network traffic is mission critical and highly sensitive, and must be protected by a VPN.
-
Security for the virtual enterprise
by John Taylor, Contributor
When everything's "outside," how do you secure the "inside"?
-
IT security spending: How to spend less
by Andrew Briney
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...